Azure Bicep Native Parameter Files

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey everyone if you've switched across to using Azure bicep for your infrastructure as code with Azure and you're still using the json-based parameter files well there is great news for you today or this week rather because with the latest version of azure bicep it is now supported to use bicep param files which allows you to write your parameter files natively in the bicep language so in this video Let's jump in and we'll take a look at the features and the functionality that are available here in the first generally available release of bicep param files okay we're over here in Visual Studio code and I've got a few bicep files there that we'll take a look at in just a moment but I do want to pause and point out that to use this bicep param functionality you do need to be running version 0.18 of azure bicep or newer otherwise you won't have this functionality exposed to you so here I've got the Azure biceps CLI installed so if I do a bicep dash dash version you can see right here I am indeed running version 0.18.1 sorry 0.18.4 of the biceps CLI and similarly I've got the Azure bicep or sorry the Azure CLI installed as well and if I do an AZ bicep version you'll see that I also am running the version 0.18 of bicep there in the Azure CLI now there's a few things that isn't quite working with the Azure CLI as of right now but I'm sure the team is working on that and probably by the time you watch this video those commands will work but they do work with the native biceps CLI just not the Azure bicep so sorry the AZ bicep CLI version now I've also got the Azure Powershell tools installed and here in Visual Studio code if I jump across two extensions and just do a search for bicep I have also got the bicep extension installed if I just get rid of the terminal there and you'll see that I've got this installed and again as of right now if we look up the top here it is version 0.18.4 so that's important for some of the functionality that I'm going to show you here in Visual Studio code as well so with that out of the way I'm going to jump straight into it so let's go back to Explorer here and I just want to show you a couple of bicep files that I've got in this folder structure it's nothing too complex I don't want to focus too much on the bicep itself because I want to show you the parameter files so here under modules I've got a resource Group directory and then there's a bicep template which is doing a pretty standard deployment of a resource Group here I'm not even going to go through these parameters because I'm calling them from a different bicep file which you'll see in just a moment and similarly under storage account I've got a storage account bicep file which again is doing a pretty stock standard deployment of a storage account again the resources themselves aren't too important and that's not what I want to really focus on here so what I've got is I've got a deploy Dash environment.bicep file and if I get rid of that on the side to get some more screen real estate what I do want to go through here are some of the parameters so towards the top I've got a parameter called environment code which is a string and it's defaulting to Dev and then for this one I've got some allowed values up here so this parameter could be set to either Dev test or prod the next parameter down is the location which is being set to a string and again I've got some allowed locations so I can deploy to Australia east Southeast Asia or east us too the next one down is a parameter for tags and this one is an object and it defaults to being an empty object so that is optional so the ones up above were required actually that's not specifically true because I've got a default uh there for the environment code so let's change that across to optional while we're here and if I scroll down just a little bit more then we've got one more parameter down here on line 21 which is whether to deploy storage or not so I've got a Boolean there obviously true or false as to whether to deploy a storage account and then down here I've got a variable that I'm setting which is for the storage account name and I'm using a function in here to use or to grab or to generate a unique string based off the subscription ID and that's going to be important for our parameter files or our bicep parameter files because I'm going to move that out into the parameter file a little bit later on so just keep in the back of your mind for now that I am generating the storage account name in the bicep file right now as a variable but we will move that out a little later on next down here I'm setting the target scope to the subscription because I'm deploying a resource Group so this bicep deployment needs to be targeted at a subscription and then I'm just using modules here so the first module is deploying a resource Group using that Resource Group dot bicep template and then I'm using some of the parameters that we've passed in so we've got environment code here is making the name of the resource Group and we're passing through the location and the tags from parameters through to that module as values and then down here a little bit further again another module to go ahead and deploy the storage account over there on the right hand side I do have a condition so if that Boolean for deploy storage account was true then it will go ahead and deploy the storage account if it was false it won't deploy the storage account that's all I've got I don't want this to take too long like I said I don't want to get bogged too much down in the bicep itself I want to show you the bicep param files so with that said if I come across here into the Explorer how can you go ahead and create a bicep parameter file and there's a few ways to do it you can just go ahead and start with nothing and create a new file here so let me go ahead and just say we'll call this one parameters dot now the extension here that you need for bicep parameter files is bicep and then param at the end and you'll notice there that that little icon on the left hand side you see the little uh bicep icon there it has got the brackets around it to indicate that that is a bicep parameter file rather than this one up here which is the standard bicep file itself so there is a distinction there between bicep param and Dot bicep now let me get a let me go ahead and close down the Explorer there on the left hand side and you'll notice immediately this file isn't happy we've got an error there and a red squiggly line with the bicep Ram file if I go ahead and hover over that it tells me that a using declaration must be present in this parameters file what a using declaration is is we are going to tell this bicep parameter file which bicep file that it is associated with and that's so it can do a lot of the validation as we go through here and put in our values for our parameters so if I just go ahead here and type using which is the first keyword keyword that we can use in bicep param files I then need to give it the path of the bicep file that I'm going to associate this parameter file with that's a little bit different to what you're probably used to with json-based parameter files because you don't directly associate it with an arm template or a bicep file so I'll go ahead and Associate it with my deploy Dash environment dot bicep file but again something's not happy here and if I hover over that it tells me that the following parameters are declared in the bicep file but they're missing an assignment in the parameters file so this is doing real time validation against the bicep file to make sure that as we author this parameter file that we've got the right values in here so let's go ahead and I'll enter down a couple of lines the only other keyword that is available today in a bicep param file is the param keyword so this is how we Define each of the parameters so I'll say param and we will go with environment code to start with and then I'll put an equal sign and then give it the value and notice there it's automatically already popped up and said do you want it to be Dev test or prod and that's because it's doing validation against my allowed values over here remember here for this parameter of environment code I had allowed values of Dev test or prod so if I come back over to here and I do something else like uat for example this is not going to be happy and if I hover over it it says that environment code expects a value of Dev test or prod but the provided value is uat so we're getting that real-time validation as we author these bicep parameter files something that you've probably been very used to if you've been authoring bicep itself and it's really awesome to see this here in bicep param files as well so I'm going to go ahead and set that to Dev for now and we need a few other parameters so what else have we got we'll do the location and we'll set that to Australia East and the next one was for deploy storage I'm just going to set that to false for now and then we had one that was optional which was tags but let's go ahead and it knows that it's going to be an object so I'll choose that in there but let's put some tags in let's go with actually I want to show you that you can reference other parameter values here in line so let's go with environment for the name of the tag and for the value I can reference one of these other parameters here so I'm going to say environment code and that looks good there and then I'll put another tag in say deployed with and we'll put a string for IAC so that we know that these resources have been deployed with infrastructure as code with that said that is the bicep parameter file so that is creating it from scratch you know just creating a DOT bicep Ram file defining the using statement to tell it which bicep file that you're going to associate is parameter file with and then go ahead and declare your parameters in here now another thing to note is let's say we had what have I got here I've got a Boolean for deploy storage but if I try and set that to a string for example by putting it in single quotes again it's doing that real-time validation against the bicep file and it says here that deploy storage expects a value of type bull but the provided value is of type false which is actually a string so again as you author these bicep param files you get that real-time validation that we've been used to with bicep as we move forward here now before I go ahead and do deployments which we'll do in just a second I want to show you a few other ways that you can go ahead and create bicep Ram files so what I'll do is actually let's get rid of this file because we're not going to need that anymore so I'll do a delete there now there's a few different ways that you can generate the the bicep param files in vs code here I can just right click on this deploy environment.bicep file and there's an option right here to generate parameters file right from the menu so I'll go ahead and select that and at the top here it now says just please select the output format so previously this would just default to creating a json-based parameter file which you can see here at the top but now we've got an option to create a bicep param file and then when I choose that it says hey which parameters do you want to include in the in the parameters file do you want just the required parameters so those that don't have a default value in the bicep or do you want all of them so let's go ahead for this one and we'll choose all and in the log there we set we can see that it's generated the parameters file successfully I'll go ahead and get rid of that and you can see here that it's filled out the using statement against the bicep file that we generated it from and it's gone ahead and put those parameters in as we said we said all of them not just the required ones and it's gone ahead and populated some of the default values as well from that bicep file so that is how we can generate it using visual studio code and you'll notice here it's just named it the same as the bicep file obviously just with the bicep param extension rather than dot bicep let me go ahead and I'm going to delete that for now and if we jump across X if I just bring up the terminal actually and let's get rid of the file explorer there on the left hand side and clear the screen we can also generate the bicep param file using the Azure biceps CLI so if I paste in here the command here is bicep generate Dash params which we've always been able to use but it's only previously done Json files dash dash file and I'm giving it the path to my bicep file and then dash dash output Dash format at the end there is the important thing and I'm telling it that this is a bicep param file so if I go ahead and press enter on that it tells me dash dash file is not recognized and I think with bicep it actually just wants the path there so I'll take our dash dash file that looks a little bit better if I go to Explorer here we can see again we've got a bicep param file it is got the using statement in there because we told it which bicep file to associate with and we've got just the location and deploy storage so note that we don't have all of the parameters here now let me go ahead and close that down back down here there is another switch or argument that we can put here which is as you can see I've gone through this already dash dash include Dash params and you can tell it here to include all parameters or you could also just set this to required but that is the default Behavior as you just saw was to do just required but if I go ahead and set that to all and then we go back into Explorer you'll notice now we've got the other additional parameters there that weren't in there when it was just generating the required ones so like I said at the start of this video as well if I clear the screen there I'm just going to up Arrow to bring that back because you can use the Azure CLI and there's a there's a bicep component within the Azure CLI to use the command line interface for bicep as well but like I said if I press enter on that actually I think that one is going to want the dash dash file path so let me put dash dash file back in there slight differentiation there between the Azure CLI and bicep CLI itself you'll notice here that it does indeed say at the moment there are unrecognized Arguments for the output format and the include params and that's because just as of right now when I'm recording this video the Azure CLI hasn't been updated to know about those new arguments yet so if you're going to be using it right now with the CLI you probably just need to use the bicep CLI I'm sure in a couple of weeks time that the team will have updated the Azure CLI to have those arguments known in there as well and you'll be able to use the Azure CLI to perform these command line level tasks as well so let me clear the screen there and let's get rid of the terminal so this is how to generate a bicep parameter file from scratch but as per normal bicep itself you can also convert a json-based parameter file across to a bicep param file so let me go ahead and delete this bicep param file and I'm going to go ahead and generate a parameters file but I'm going to do a json-based one with all of the parameters in here and it actually that's interesting it hasn't pulled all of the parameters in but that's okay let me put a value in here for location which can be Australia East and we've got deploy storage which was false what else did we have um I'll go back to deploy environment we've got environment code which I'll grab environment code and we will set that in here to Dev and I know there's another one for tags but let's just leave it at that for now so I've now got a a parameters file which is Json format which is the older format that we used to use a lot with arm templates and bicep up until now and if I've got all of these parameter files throughout my environment that I'm using already with by with bicep I can just go ahead and convert these to a bicep Ram file so again right here in Visual Studio code I can right click on the Json file and you'll see right down the bottom here there's a decompile into bicep params so if I go ahead and select that it will ask me if I've got an existing bicep param file that I want to point this towards actually that's interesting I think that's a bug in the user interface it's saying here to select a parameter file but I think this is actually saying select which bicep file to associate that with let's check out something here let me set this to none and we'll see what happens so I've set that to none and here I've got a bicep param file so let's open that up and yeah so at the top there on line one you'll see that it hasn't filled out a bicep file in the using statement and it's telling me in the comment there to provide a path to a bicep template so in there I could go ahead and Associate this manually with the deploy environment.bicep and then this file becomes happy and you'll notice the parameters there have been decompiled from the Json file into the bicep param file but interestingly enough like I said I think that was a bug in the user interface let me go ahead and delete the bicep param file and I'm going to go ahead and decompile into bicep params again but this time I'm going to browse and I'm going to browse to the dot bicep file and I'm expecting this time that it's actually going to put that in the using statement at the top here which indeed it has we've now got using pointing to the right bicep file so I think the wording there in the user interface was just a little bit off but that is taking an existing json-based parameter file and decompiling it straight into a bicep param file let me go ahead and delete that again because down here if I go ahead and get rid of Explorer on the left hand side and go back to my Powershell terminal you can also do this with the command line interface and the command to do that is bicep decompile Dash params and then you provide a path to the Json base file that you want to decompile and then use say dash dash bicep Dash file and pass the bicep file that you're associating it with so if I press enter on that we can see there that a warning at the moment that a deacon decomposition is a best effort process and there's no guaranteed mapping from arm.json to bicep that's all well and good though if we check out our bicep param file again we can see that it is got the using statement it's filled out the right bicep file and it's carried across the parameters that I had in the Json file along with their values as well so if you've got existing parameter files throughout your environment that are json-based it's very very easy to convert those across to bicep param files you don't have to go and create them from scratch or anything like that so let me go ahead and close those down and next up I want to show you about this real-time validation as well and you have kind of seen this in action but right now we've got a parameters file here that is pointing at deploy Dash environment.bicep so if I go back to this bicep file and let's just say if I scroll down and just put a new parameter here doesn't matter what it is I'll call it my new param and we'll make that a string for now I haven't even saved this bicep file and if you're paying attention you'll see up the top here that the bicep param file has gone red because it has now got an error and if I go across to that file and then hover over deploy.environment it's telling me that the following that the following parameters are declared in the bicep file but they're missing an assignment here in the bicep param file so that is how good the real-time validation is so I would go and create a new param here for my new param and then provide it a string value and there we go everything is happy again so from an authoring perspective it is just it's what we've been used to with Azure bicep right it's real time it's here in Visual Studio code and it means that we catch a lot more of those errors earlier on before we go ahead and push this into a git repository and deploy with a pipeline or deploy it ourselves with Visual Studio code or Azure CLI or one of the tools like that now I do want to get onto deployments and show you that because actually it's not too exciting because there's not really that much different to show you than before but before we do deployments there's one other thing that I want to show you here in the bicep param file so let's keep that one for now that's all good I'm going to go back and just delete my temporary parameter that I had there so we're back to a good State here we've got a deploy Dash environment bicep file and a bicep param file let's go ahead and delete the old Json file that we don't need anymore and I just wanted to show you that you can use some expressions in the bicep parameter files as well so remember back a few minutes ago or at the start of this video I said that down here I'd created a variable for the storage account name and that was doing some string interpolation so I've got St at the start there and then I'm grabbing a unique string based off the subscription ID and it's it's interpolating that together to create a storage account name which is going to be unique now what we can do is I'm going to create a new parameter here in the bicep file and I'll call it storage account name so it's going to conflict there for just a second and we want this to be just a string and down here actually I'm going to copy that because that can come in handy in a moment and I'm going to just comment out the variable there I won't go ahead and set a description or anything like that if I jump back to the bicep parameters file what we can do now is we've got a param and we need the storage account name and this time when I do equals I'm just going to paste in that expression from before so in the Expressions here as of right now you can use any of the functions that sit within the sys namespace of bicep and your next string is one of those things now we can't do everything in here so you'll see it's not happy with me trying to reference a subscription and that's because a bicep param file doesn't have any knowledge of a subscription a bicep file does because of where we're going to be running the deployment to and that's generated and calculated at runtime but to generate the parameter values themselves the bicep param file has no knowledge of that so I can't use the subscription function there but I can use the unique string function so instead of it being a subscription ID there I can just say base this off a unique string which is my unique string so that still allows me to use functions here in the bicep param file and another one that I'll show you as well is with environment code actually sorry we have uh sorry with deploy storage so at the moment that is set to false but we can make this conditional so if we do an if else in here this is a standard if else condition Syntax for bicep and it translates across to the bicep param file as well so we've got a condition and then a true value and a false value so I'm going to set the condition to say environment code equals Dev then the true value is going to be false because I don't want to deploy storage for the dev environment but if the environment code is anything else then I want this to be set to true so you can see here that this is now going to read this param file down sorry this parameter value down here for environment code and in this case it is set to Dev so deploy storage is going to evaluate this time to false which when it gets to my deploy environment bicep down here going to pass that through and not meet this condition and therefore it is not going to deploy the storage account so that is just one example or two examples right now of how you can start to use some functions and some conditions here in the bicep param file and kind of bring those out of your bicep files if it makes sense and and surface them higher up in your bicep param files so with all that said let's actually do a deployment right because this has been a lot of talk and not much show so if I bring up my terminal here again at the bottom and clear the screen I've gone ahead already and done an AZ login to connect with the Azure CLI to my Azure account and I've done a connect Dash AZ account to connect with Powershell as well so I want to show you three ways to deploy uh the bicep file here with the bicep parameter file we're going to do Azure CLI Azure Powershell and visual studio code and like I said a few moments ago this is going to be relatively boring because it's not that different than the Json files than you've that you've been working with in the past let's go ahead and we'll start with the Azure CLI so the command here is AZ deployment actually I think that needs to be a sub create because let me just go back there AZ deployment sub create because my deployment needs to go to the subscription not to a resource Group Dash f is the file that we're going to provide so that's the bicep file deploy Dash environment and then we've got Dash p over there towards the right hand side for specifying the bicep param file historically that's where you would have specified the Json file but you can just now change that across for a bicep param file and it knows how to handle that and because this is a subscription deployment at the end there I do need to provide a location which I'll set to Australia East so first let me make sure I save this bicep param file and I'll press enter there and let it go ahead and do the deployment and what have I done I'm not specifying the right bicep param file because we went ahead and generated one with a different name so let me there we go so this one is deployee dash environment.parameters dot bicep param and I'll go ahead and press enter and while it's doing that in the background over here in the Azure portal I am logged into my Azure account and remember so the bicep file that I had was deploying a resource Group and conditionally was deploying a storage account now we made it so that the value for True or fals as to whether deploy a storage account for Dev is going to be false so the only thing I'm expecting to see here in a few moments is a resource Group to be deployed okay that's finished up and the provisioning state is succeeded so if I go ahead and do another refresh there we go RG Dash dev-001 and of course the dev in the name there was being pulled in from the parameter file where we set the value for environment code and if I go into that I'm not expecting to see anything there there are no resources which is exactly what I expected for the dev environment so let's go back into Visual Studio code here and what was next so that's the Azure CLI so let's go ahead and do it with Azure Powershell so this one we need to use new Dash AZ subscription deployment because again we're going to the subscription scope here I need to write provide it with a location which is Australia East the template file sorry I've actually pasted that in twice let me get rid of that the template file is deploy Dash environment dot bicep and then we need to provide it with our parameter file which we can see there we've got Dash template parameter file and in this case because I have changed the name of it let's just have this out was deploy dash environment.parameters dot bicep param again the newer versions of azure CLI and the Azure Powershell modules know how to deal with the bicep param file you don't have to decompile it to Json first or do anything like that so these commands can now take a bicep file for the infrastructure as code itself and a bicep param file natively use them to deploy to Azure and you don't even need to really worry about the underlying decompiling or transpiling to Json that's going on as it goes ahead and deploys into Azure so I'm not expecting that to deploy anything different because we're using the same bicep file and the bicep parameters file so if we give that just a minute or two I'm sure that's going to come back with a success message there we go that's come back now and if I scroll up a little bit we can indeed see that the provisioning state there was succeeded so that is all well and good now the last way that I want to show you how to do a deployment here is using visual studio code and actually what I want to do is I'm going to go ahead and create a new bicep param file so I'm just going to rename this one here and I'm going to call this one Dev so deploy dash environment.dev dot bicep param and I'm going to make a copy of that and rename this one to be prod and so in the prod bicep param we're going to set the environment code across to prod and I'm not going to change anything else because that all looks pretty good and this time if I right click on the bicep file from here in Visual Studio code we've always been able to do this but I can deploy a bicep file straight from Visual Studio code so that's the deployment name I'll leave that as is for now that's fine that's the subscription that I need to go to that's the location that I need to use because I'm doing that subscription-based deployment or the subscription scoped deployment and here's where it asks me to select a parameter file and again previously this is where I would just select a Json file but now I can choose a bicep param file and I'm going to choose here deploy Dash environment dot prod dot bicep param so that's the prod file that we just used there a moment ago now that has gone off and started the deployment we can see there that it says to view the deployment in the portal we can go to this URL let's actually go ahead and bring that up here in the browser and we can see the deployment started off and the resource Group there is deploying RG Dash prod and because this is a prod environment I was now expecting that this deploy storage Boolean will resolve to true because the environment code is prod therefore the condition here being met is true which would then tell it to go ahead and deploy the storage account and we can also see that the storage account name there if I just in there that's the name of our storage account and you can see that the unique string there has been generated based off the function that we were using in the bicep param file so there we go the deployment is complete I'm sure if I go ahead and go across to the resource Group and go to the resource there inside of that Resource Group we indeed do see the storage account so that is a couple of examples of doing a deployment using the Azure CLI the Microsoft Powershell Azure modules and also from Visual Studio code so there's just a couple of things that I want to mention here as we wrap up and the first one is around environment variables and this is quite a cool feature for a couple of different use cases so let me go ahead and get rid of the uh Explorer on the left hand side there what I want to show you is let me just make this a little bit more condensed here there's some functionality in the bicep param file that instead of defining the values here either based on a condition or hard coded such as location is hard coded here in this bicep param file to Australia East and my environment code here is hard coded to prod there's functionality that Microsoft or the bicep team have put in the bicep param file to allow you to allow you to read in an environment variable instead of hard coding a value here in the bicep param file so instead of the environment code here being prod I could instead take that out and if I start to type it out we can get the intellisense here for read environment variable and it is expecting me to pass in the name of an environment variable that would exist on the system that is deploying this bicep file so if I went ahead and put in some string there and then I said EnV code I don't have an environment variable right now called EnV code so it's telling me that it's failing to evaluate that because that environment variable does not exist but think about if I was deploying my infrastructure as code using bicep on something like a GitHub actions Runner or an Azure devops Runner or some sort of pipeline and a lot of people prefer or have systems in processes that read in environment variables or generate environment variables when the pipeline starts for a lot of these different things so my pipeline might be doing a deployment of infrastructure as code it might be doing a release of an application into some of that infrastructure it might be doing many things so within the pipeline itself I might set an environment variable called EnV code set to Dev test or prod and then instead of me having to code it in here to the bicep param file I can just use that functionality there using the read environment variable function to read that in at compile time and make that the value of that parameter so hopefully that makes sense I thought that was a really good use case especially for things like pipelines and it can potentially allow your bicep Ram files to be a little bit more flexible as well I've seen a lot of scenarios with the json-based files where people will have a kind of generic by uh sorry I was about to say bicep param they will have a kind of generic uh Json file for for a parameters file and then in a pipeline they will have a find and replace task effectively so you'll have some default values there in the Json file but then there'll be a task before the infrastructure's code deployment that goes and replaces the values in that parameter file based off of environment variables so this just kind of Skips over needing to do some of that and provides a bit more flexibility here to the bicep param file so I'll go ahead and set that back there to prod but that is how to read an environment variable in and I'm sure over time we're actually going to see a lot more functionality like that brought here into the bicep param file now the last thing that I just wanted to not really show you but just make you aware of as of right now and this is probably about to change is key Vault references with parameter files what I want to do first though is generate a parameters file and a Json one and it doesn't matter here too much I'll just do the required only that's fine and back in my bicep file I'm just going to create a new parameter here let's call it admin password let's pretend I needed a password to pass through to create a virtual machine or something like that and I would set that to being a secure string because we don't want that surfaced in any deployment logs or pipelines or anything like that so I'll save my parameter file if I come across here to the bicep param file it's telling me I don't have that defined which is all well and good actually sorry I wanted to go to the Json file let me go ahead and delete these bicep param files for now because we'll generate those again in just a moment now normally what I could do here I'm just going to copy this in in Json syntax we could create a key Vault reference so the parameter here was admin password and then I'm doing a reference to a key Vault so we would typically provide an ID to the specific key Vault where our secrets held and then the name of the secret here you know that might be admin password or whatever doesn't matter too much so then what would happen is when you go ahead and use this Json file as your parameter file to deploy your infrastructure as code as long as wherever you're deploying that from if it's a pipeline then it needs then it's the service principle if it's me here in Visual Studio code it would be my account just needs access to get the secret from that Target key Vault and in Azure resource manager itself will go ahead and retrieve the value out of key Vault and then go and perform the deployment now if I go ahead and save this Json file this functionality right here isn't in bicep param just yet and I imagine it is super close and I'll show you why in just a moment but if I right clicked on this Json file now and decompiled that into bicep params and I'll point it to our deploy environment bicep file oh there's no value there for location sorry let me just fix that up so in location we need to put value and I'll put that as Australia East so let's save that and we'll do that again right click decompile into bicep params point it towards my bicep file and there we go so I've now got the bicep param file but if I go ahead and open that up you'll see down here that there's just got a question mark for the admin password and it says down here in a comment the key Vault references are not supported in bicep parameters files so that is a restriction as of right now but I dare say I'm just going to open up the web browser here is an open issue in the Azure bicep GitHub repository for support for key Vault secrets and the team here are aiming to use this function here called get secret and then a couple of brackets so if I scroll down to one of the examples I think they've got examples here yep just down here let me try and zoom in a little bit this is going to get a little bit warped sorry but this is an example right here of where it is a parameters file a bicep param file and you can see down here it's got param SQL password and then it's using a get secret function and you would then provide the subscription ID Resource Group name key Vault name and the secret name and optionally the secret version and that would allow you then to Define that in the bicep param file to go ahead and retrieve key Vault secret values when you're deploying your infrastructure as code but as of right now that isn't yet available but the reason I say that it's so close is because it looks like that this has actually been linked to a pull request so I imagine that this is coming out in a DOT release probably in the next couple of weeks I imagine as of right now it's middle of June 2023 by the time you're watching this this functionality may actually be there and across here in your bicep param file you might be able to use that get secret function and then go ahead and Define the subscription and the resource Group and the name of the key Vault that you want to get the secret from now a quick work around to that as of right now if you're deploying your infrastructures code using a pipeline you might be able to use the read environment variables that we used before and say that's admin password and then in your pipeline earlier on you could do a task that's going in getting Secrets out of key Vault and setting them as environment variables so then that this would read in the environment variable securely pass it through to the bicep deployment and go ahead with the deployment but as of right now that functionality isn't available I did just want to call that out with that said that's pretty much it that's I'm sure there's a few other nooks and crannies of bicep Ram files but that is the main stuff so we've gone through what bicep param files are what the requirements are how to create them from scratch using the bicep CLI using visual studio code and then we went through deployments using the Azure CLI Azure Powershell and visual studio code so with that that's pretty much all I've got for you the only other reference that I'll leave you with which is all down below in the links by the way is there is an a an issue here again on the GitHub for bicep called bicep parameters upcoming features and if you go through this it will have the user stories around what they want to be able to do with the bicep file parameters sorry the bicep parameter files and what some of the upcoming features are and there's some things here that need feedback and investigation that they're still working on so if you haven't seen some of the work that the bicep team have done before it is developed pretty much all out in the open there are Community calls every month again I'll link to some of those below where you can see them you can jump on talk to the bicep team give feedback you can do it here on GitHub they are very much about asking the community and getting guidance from the community and showing features and they'll say hey here's what we're thinking is that going to work for you or do you have other scenarios that we need to account for or think about so come here into GitHub have a look specifically at this one it will show some of the the features around bicep param files but just in general with the with the Azure bicep development that's going on the team are really awesome about involving the community so with that said that's all I've got for you so go ahead and end this video go and find all of your json-based parameter files convert them across to bicep param files maybe use some of the new functionality that's in there and with that said I hope this has been valuable for you thanks so much for watching and I'll see you again in the next one [Music]
Info
Channel: Matt Allford
Views: 2,556
Rating: undefined out of 5
Keywords: azure, bicep, bicep azure, iac, infrastructure, infrastructure as code, cloud, automation, parameter, parameters, parameter file
Id: AMOj5-puoGI
Channel Id: undefined
Length: 43min 18sec (2598 seconds)
Published: Fri Jun 16 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.